Bugtraq mailing list archives
RE: On classifying attacks
From: "Forte Systems - Iosif Peterfi" <toto () fortesys ro>
Date: Tue, 2 Aug 2005 09:25:49 +0300
Well, yes. Interaction level is the key in the classification. Wonder if the community will make use of it.

Iosif Peterfi
Network Administrator
S.C. Forte Systems SRL
http://www.fortesys.ro/

-----Original Message-----
From: Tim Nelson [mailto:tim.nelson () webalive biz]
Sent: Tuesday, August 02, 2005 5:46 AM
To: Forte Systems - Iosif Peterfi
Cc: 'Crispin Cowan'; 'Technica Forensis'; 'Black, Michael'; 'James Longstreet'; 'Derek Martin'; bugtraq () securityfocus com
Subject: RE: On classifying attacks

On Fri, 29 Jul 2005, Forte Systems - Iosif Peterfi wrote:
> Ok, so let's split them like this:
>
> 1. Simple
>    1.1 Remote
>    1.2 Local
> 2. Compound
>    2.1 Social engineered
>    2.2 Technical
>    2.3 Local
I prefer something just as simple, but maybe more flexible:

1. Interaction level
   i) Automatic (no victim action required)
   ii) Semi-Automatic (victim performs some normally safe action, i.e. opening e-mail, or a cron job runs)
   iii) Manual (victim is socially engineered into performing su -c 'rm -rf /' or some such stupid thing)
2. Target
   i) Access
   ii) Elevation (Privilege elevation)

For all attacks, select one item from section 1, and one from section 2.

Traditional remote attacks are Automatic Access attacks.
Traditional local attacks are Automatic Elevation attacks.
E-mail trojans are Semi-Automatic or Manual Access attacks.

Daniel Weber wrote:
> I've seen a lot of classification schemes proposed on Bugtraq in the intervening years, some of them quite good. (Search the archives for "taxonomy" or "classification".) But unless they are -very- simple to use, they won't be taken up by the community.
>
> If you can come up with a single word that imputes the concept of "malicious data that I can easily get onto the victim's machine and in front of the victim's eyes but requires him to run it," that would be a great step forward.
Hmm. Methinks I need to use more hyphens; Semi-Automatic-Access attack :).

HTH,

--
Kind Regards,
Tim Nelson
Server Administrator
P: 03 9934 0888
F: 03 9934 0899
E: tim.nelson () webalive biz
W: www.webalive.biz
WebAlive Technologies
Level 1, Innovation Building
Digital Harbour
1010 La Trobe Street
Docklands Melbourne VIC 3008